Fig. 2

202
CREATE AND STORE GROUP LIST(S) AND RESOURCE DEFINITIONS IN A DATA STORE

204
CREATE AND STORE INFORMATION DEFINING A USER OF A NETWORK COMPUTER AS A MEMBER OF A GROUP

206
CREATE AND STORE ONE OR MORE ACCESS CONTROLS REFERRING TO GROUPS AND RESOURCES, USING RESTRICTIVE POLICY

208
PERFORM NETWORK ADDRESS BINDING RESOLUTION TO BIND EACH USER TO A SPECIFIC NETWORK ADDRESS

210
SEND EACH NETWORK ADDRESS TO EACH POLICY ENFORCEMENT POINT IN ASSOCIATION WITH GROUP IDENTIFIER OF THE GROUP OF THE USER WHO IS BOUND TO THE NETWORK ADDRESS

212
UPDATE GROUP MEMBERSHIP AT POLICY ENFORCEMENT POINT

Fig. 3

ENFORCE POLICY BASED ON ACCESS CONTROLS

m.
DETERMINE THAT USER HAS DISCONTINUED USE OF NETWORK COMPUTER

318
SEND EACH NETWORK ADDRESS TO EACH POLICY ENFORCEMENT POINT WITH INSTRUCTION TO REMOVE FROM THE GROUP OF THE USER WHO IS BOUND TO THE NETWORK ADDRESS

Fig. 4A

402
DEFINE SECURITY ZONE THAT INCLUDES A SWITCH, ONE OR MORE POLICY ENFORCEMENT POINTS, AND A DHCP SERVER

404
USER BOOTS MACHINE ON A PORT OF THE SWITCH

406
RECEIVE NETWORK ADDRESS FROM DHCP SERVER

408
INITIATE AUTHENTICATION MECHANISM; PROMPT USER WITH CHALLENGE

410
USER SUCCESSFULLY RESPONDS TO CHALLENGE, E.G., WITH AUTHENTICATED USERNAME AND PASSWORD

Fig. 4B

412
PERFORM NETWORK ADDRESS BINDING RESOLUTION

414
ASSOCIATE USER WITH A GROUP

416
DISTRIBUTE NETWORK ADDRESS AND GROUP BINDING TO ALL POLICY ENFORCEMENT POINTS OF THE SECURITY ZONE

418
ADD USER NETWORK ADDRESS TO GROUP ACCESS CONTROL LISTS TO WHICH THE USER BELONGS
